Self Extracting Encrypted Archive

I was hasty creating a self extracting encrypted archive at one point. I may not be able to get to the original files. The file size is over 4GB and Windows XP indicates that it is not a valid format. Is there a way to manually access this file of course assuming one supplies the correct password?

I did try to rename the extension to .pae but PA gives a message about unknown encryption method.

1st thing you need to do is atempt to fix the file in order for PA to recognise the format/encryption once you have done that then try entering the apparent password.

However, on the chance the algorithm’s have been damaged due to a “hasty” creation or another reason then unfortunatly the bad news is it will be difficult and pritty much impossible to know where to start.

ie… the container code which instructs applications such as pa on how to read the data or the encryption method.

Tried Hex editing the beginning of the file with some test files but was not successful. These were about 4MB. When I renamed the file from *.exe to *.pae it seems to see the file within PA but gives a message about unknown encryption method. I was going to try adding the name of the encryption method similar to a normal .PAE file.

I got it with a smaller test file.
Use the part from a .pae file using the same encryption method and password. The file name matters not. Take the beginning of the .PAE file including the seemingly blank space “0D0A0D0A”. I was leaving this as “00000000” originally. Add the part starting with SHA-1 from the .EXE file and save the combined as a .PAE file and voila. I’ll have to try the larger file later tonight. Heading over to visit family and watch President Bush on Deal or No Deal.

He had pre-recorded a message for a soldier that had been on three tours through Iraq. The guy won $78K.

Now back to our regular programming:

What one has to do assuming one knows the password:
1. Create a “.PAE” file with the same encryption method. The password HASH from the executable file matters. Even using the same password, the hashes can differ and PA would think it is the wrong password.
2. Take the header of the “.PAE” file ending at the end of "SHA-1 ". The space is “20” in hex. Copy this into the beginning of the executable file.
3. Cut/Delete the portion after the newly pasted "SHA-1 " up until the end of the "SHA-1 " the was originally in the “.EXE” file.
4. Erase all but 4 bytes of emtpy space “00000000” after the hash in the “.EXE” file.
5. Rewrite the remaining 4 bytes of empty space to “0D0A0D0A”. “0D0A” is used as a separator.
6. Save the file as “something.pae”.

The name indicated in the beginning of the file does not matter though it will become the name of the decrypted file.

I used HxD Hex Editor which can handle files larger than 4GB. Not all hex editors can.

@spwolf:
You can help us test it here:
http://www.powerarchiver.com/test/release15/powarc150301.exe
We still did not have time to test it properly, so it would be helpful… thanks!
Yes, seems fine to me.
Thank you.

@joakim_46:
I know it can’t extract, so why is the purpose of having shell options for that unsupported format? And by the way, it would be nice to support Inno setup executables, like innounp.
I think it is because InnoSetup may use lzma compression (7z) and PA ShellExt recognize it as normal archive.
This does not happen with x64 shell extensions.
I think Ivan will fix this soon.